Registration Registration for workshops is open at

We’ve got 6 workshops for you this year!

  • Since capacity is limited, we do attach a nominal $10 fee to advance registration to prevent speculative registrations and limit no-shows.
  • There will be some walk-in spots in each workshop. We will not keep a waitlist, but empty seats will be made available first-come-first-served at the start of the workshop.
  • We will share your email address with the trainer. They may send info out ahead of the training.
  • If for any reason, this fee is a barrier to your attending, use the coupon code ‘IPROMISETOATTEND’ to register for free.
  • Please treat registration as a community resource - excessive registrations may be cancelled. Let us know if you can’t attend so we can reopen those seats.

Purple Teaming with Detection-as-Code for Modern SIEM Workshop

Ken Westin (@kwestin on Twitter)

Friday 11 AM to 1 PM

One of the challenges for security teams is writing and deploying detections that generate actionable alerts with rich context while also reducing noisy alerts. This hands-on workshop will teach the fundamentals of Purple Teaming and detection-as-code to help build new detections. This session will show how to leverage Purple team techniques to develop hypotheses for new detections and strengthen their defenses against future attacks. I will show how to use open-source offensive security tools to simulate attacks against lab infrastructure and use an investigative approach to learn and build new detections & manage them using detection-as-code principles to eliminate noise and false positives.

Ken Westin has been in the cybersecurity field for over 15 years working with companies to improve their security posture, through threat hunting, insider threat programs, and vulnerability research. In the past, he has worked closely with law enforcement helping to unveil organized crime groups. His work has been featured in Wired, Forbes, New York Times, Good Morning America, and others, and is regularly reached out to as an expert in cybersecurity, cybercrime, and surveillance. Ken is an Oregon Native who splits his time between a house in the woods near Portland and a beach shack on the Oregon Coast with his wife, son, and two dogs. He holds a BA from Lewis & Clark College, a graduate degree from the University of Portsmouth UK, and several security certifications. He is a self-professed guitar and record hoarder and amateur musician.

Digital Forensics and File Recovery Workshop

Portland State University Cybersecurity Club

Friday 1 PM to 3 PM

This is a surface level demonstration of the Digital Forensics discipline of cybersecurity. Including an introduction to different filesystems, plus industry tools (such as dd, sleuthkit, binwalk, and many more). Additionally, a data recovery engagement will be simulated through a capture the flag scenario.

Our mission is to promote security culture, ethics, research, ongoing education, and development of safer code through playing in Capture the Flag competitions.


Insider Threat IR Workshop: A Hands-on Zero to 60

aviditas (“A” on the #503Hax group in signal)

Friday 3 PM to 5 PM

From the open-source data created by Blue Team Village’s Project Obsidian, three real world generated InT cases will be tackled by the participants of this workshop. Starting with a common but low threat level, moving to a gray area case, and finishing with a complex incident.

With an inability to tolerate boredom and background in hunting social engineers, aviditas moved from engineering and corporate training to work in customer facing & traditional blue team environments. As a generalist by nature, the Sisyphusian nature of the industry is the main appeal as breadth of knowledge is rewarded. Aviditas is an advocate for demystifying and removing cost barriers for high quality InfoSec training and resources.

Capture The Flag (CTF) With Feedback And Hints Workshop

Jens Mache

Saturday 11 AM to 1 PM

Capture The Flag (CTF) With Feedback And Hints. Short descriptions at

Jens Mache is an educator and researcher at Lewis & Clark College in Portland, Oregon. His certifications include SANS/ GIAC Certified Intrusion Analyst (GCIA), Penetration Tester (GPEN), Incident Handler (GCIH).

Badgelife Creator 101: Making Your First Electronic Badge Workshop

David Tomaschik (Matir) (@matir on twitter ,

Saturday 1 PM to 3 PM

Badgelife, or the culture that has evolved around creating your own unofficial event badges, continues to be a big part of the hacker conference scene. Many people have ideas but don’t know how to turn these ideas into reality. I’ll talk about the basic steps to take a badge idea and turn it into a physical badge, along with tips and tricks I’ve learned from making 4 badgelife badges.

David is a senior engineer and tech lead of the internal Red Team at Google. When not breaking things, he enjoys making electronics and teaching others about security and electronics. He has spoken at DEF CON, BSidesLV, BSidesSF, and other events.

Network Protocol Fuzzing With Boofuzz Workshop

Joshua pereyda (@jtpereyda on Twitter)

Saturday 3 PM to 5 PM

Get hands on experience writing custom network protocol fuzzers. This class will cover the basics of network protocol “smart fuzzing.” Exercises will utilize the open source network protocol fuzzing framework, boofuzz. Attendees will gain practice understand network protocols, implementing and iterating on a custom fuzzer, and identifying vulnerabilities.

Joshua is a software engineer specializing in security, a small business owner, and the maintainer of the boofuzz network protocol fuzzing framework. When not hacking, he likes to program. When not programming, he likes to hack. Among his other passions are attending orchestral concerts with his wife, drilling fine motor skills with his toddlers in the form of fun and games, teaching anyone and everyone to program and hack, using AI to code for him, and identifying new ways to break the rules for good.